SSL handshake_failure after clientHello


Problem description


I am trying to connect an embedded device to smtp.gmail.com:465 using tls1.2 with WolfSSL. The library creates and sends the following clientHello message and receives a handshake failure.

16 03 03 00 4f 01 00 00  4b 03 03 2e 2a ec 85 7f
15 dd 09 5f 22 d1 53 82  60 d7 80 67 28 aa 67 48 
ce f0 71 ab 63 d0 b2 3e  55 3a 05 00 00 14 c0 27 
c0 23 c0 0a c0 09 c0 07  c0 08 c0 14 c0 13 c0 11 
c0 12 01 00 00 0e 00 0d  00 0a 00 08 04 03 02 03 
04 01 02 01

Here is the received message;

15 03 03 00 02 02 28

As can be seen in the Wireshark screenshot, the following cipher suites are supported by the client:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
**TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)**
**TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)**
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)

...and the following signature algorithms are supported by the client (please see the hexadecimal part at the bottom of the screenshot; Wireshark does not decode signature algorithms)

04 03: SHA256 ECDSA
02 03: SHA1   ECDSA
04 01: SHA256 RSA
02 01: SHA1   RSA

On the other hand, smtp.gmail.com supports the following cipher suites; (This is obtained by running script here: "superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers")

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
**TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA**
**TLS_ECDHE_RSA_WITH_RC4_128_SHA**
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA

As can be seen above, these two suites match.

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA

And, I've checked the certificate in "www.digicert.com/help/" (use "smtp.gmail.com:465") and got this: Digicert Screenshot

  • Signature algorithm = SHA256 + RSA (excellent)

This matches as well

According to "tools.ietf.org/html/rfc5246#section-7.2.2"

  Reception of a handshake_failure alert message indicates that the
  sender was unable to negotiate an acceptable set of security
  parameters given the options available.  This is a fatal error.

As far as I understand, there exist other reasons than cipher suite and signature algorithm mismatch for handshake_failure, or I am missing something very big. I am looking for the reason for the failure but I am unable to find it. I would be grateful for any help or any idea. What can be the cause of handshake_failure?

I am very sorry for the unclickable links. Stack Overflow does not allow me to add more than 2 links. I will replace them with regular links when I have 10 reputation :)

Solution

I just came across this and I realize it has been a long time. I regret I did not find this sooner.

For users experiencing this in the future however...

I am aware of a requirement when connecting to Google servers that has changed in the last 6-9 months. Google servers will outright ignore any connection attempt if the client hello packet does not include the supported curves extension.

Could you try adding these defines to your default settings when building the wolfSSL library with the intent of connecting to ANY Google servers:

#define HAVE_SUPPORTED_CURVES
#define HAVE_TLS_EXTENSIONS

(Corresponding configure option would be: "--enable-supportedcurves" which will define both of the above pre-processor macros)

and load at least one supported curve in any client application with the API:

wolfSSL_UseSupportedCurve(ssl, <CURVE NAME>);

A list of supported curves can be found in the comment section at the top of (wolfssl-root)/wolfcrypt/src/ecc.c
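
The answer's diagnosis can be checked against the bytes posted in the question. The parser below is an added example, not part of the original post or of wolfSSL: it walks the ClientHello and shows that its only extension is signature_algorithms (type 13), with no supported curves extension (type 10), even though every offered suite is ECC-based. The function names are illustrative, and the ECC code point ranges are an assumption taken from RFC 4492 and RFC 5289.

```python
import struct
# Bytes copied from the question: the ClientHello sent and the alert received.
CLIENT_HELLO = bytes.fromhex(
    "16 03 03 00 4f 01 00 00 4b 03 03 2e 2a ec 85 7f"
    "15 dd 09 5f 22 d1 53 82 60 d7 80 67 28 aa 67 48"
    "ce f0 71 ab 63 d0 b2 3e 55 3a 05 00 00 14 c0 27"
    "c0 23 c0 0a c0 09 c0 07 c0 08 c0 14 c0 13 c0 11"
    "c0 12 01 00 00 0e 00 0d 00 0a 00 08 04 03 02 03"
    "04 01 02 01")
ALERT = bytes.fromhex("15 03 03 00 02 02 28")

def parse_client_hello(record):
    """Return (cipher_suites, extension_types) from one record holding a ClientHello."""
    ctype, _version, rec_len = struct.unpack_from("!BHH", record, 0)
    body = record[5:]
    if ctype != 0x16 or rec_len != len(body):
        raise ValueError("not a single complete handshake record")
    if body[0] != 0x01 or int.from_bytes(body[1:4], "big") != len(body) - 4:
        raise ValueError("not a complete ClientHello")
    pos = 4 + 2 + 32                      # handshake header, client_version, random
    pos += 1 + body[pos]                  # session_id
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                  # compression_methods
    exts = []
    if pos < len(body):                   # the extensions block is optional
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            exts.append(ext_type)
            pos += 4 + ext_len
    return suites, exts

def ecc_offered_without_curves(suites, exts):
    """True if ECC suites are offered (assumed RFC 4492/5289 ranges) with no curves extension."""
    ecc = any(0xC001 <= s <= 0xC019 or 0xC023 <= s <= 0xC032 for s in suites)
    return ecc and 0x000A not in exts     # 0x000A = supported curves extension type

def parse_alert(record):                  # returns (level, description)
    ctype, _version, length = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x15 or length != 2:
        raise ValueError("not a plaintext alert record")
    return record[5], record[6]

if __name__ == "__main__":
    print(parse_client_hello(CLIENT_HELLO), parse_alert(ALERT))
```

Running the same check on a capture taken after rebuilding with the supported curves option should show extension type 10 in the list.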
